PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE SERVICES. You must be 18 years of age or older to use this app and the Services contained within. It is expressly prohibited for minors under the age of 18 to create an account or use the Services.
Your privacy is important to us and we are committed to protecting it through our compliance with this privacy policy (“Policy”). The information provided below describes how and why we process your personal data, which you share with us and which we collect when you access or use our services, CURE Daily mobile application and/or our website (“Site”) located at www.curedaily.com (such services, CURE and the Site are collectively referred to as the “Services”).
Protected Health Information or Personal Data (hereinafter “PHI”) means any information relating to an identified or identifiable natural person.
The information provided does not apply to third-party online websites, pages or services that can be accessed via hyperlinks through the Services. Clicking on those hyperlinks may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our Services, we encourage you to read the privacy policy of every website or mobile application you visit.
This Notice of Privacy Practices describes how CURE may collect, use and disclose your protected health information, and your rights concerning your protected health information. “Protected health information” or “PHI” is information about you, including demographic information, that can reasonably be used to identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care to you or the payment for that care.
State and federal law require us to maintain the privacy of your protected health information. This includes protecting all of your information whether it is oral, written, or in electronic format. The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) also requires us to provide you this notice about our legal duties and privacy practices.
This notice takes effect on January 1, 2021. We must follow the privacy practices described in this Notice while it is in effect. This Notice replaces any other information you have previously received from us with respect to your PHI.
How does CURE protect my personal health information?
CURE has a detailed policy on confidentiality. All CURE employees are required to protect the confidentiality of your PHI. An employee may only access your information when they have an appropriate reason to do so. Each employee or temporary employee must sign a statement that he or she has read and understands the policy. On an annual basis, CURE will send a notice to employees to remind them of this policy. Any employee who violates the policy is subject to discipline, up to and including dismissal. CURE also maintains physical, electronic, and procedural safeguards to protect your information.
How does CURE collect protected health information?
CURE gets PHI from:
• Information we receive directly or indirectly from you (e.g., name, address, social security number, date of birth, marital status, dependent information, employment information and medical history).
• Information collected when using our facial scanning feature. The following types of information are collected:
Identification and Contact Data
Personal Characteristics
To achieve more accurate Measurement results, the processing and analysis may also require or involve additional Personal Data including, but not limited to, the following:
Biometric Data
When you use the facial scanning feature, we capture, but do not store, images and video through supported mobile device cameras for the purpose of extracting and analyzing the following:
Personal Habits and Medical History
To achieve more accurate Measurement results, the processing and analysis may also require or involve additional Personal Data including, but not limited to, asking if you are any or all of the following:
Location Information
The Services may include features that use precise location data that is derived from your GPS, WiFi, compass, accelerometer, IP address, or public posts that contain location information. We collect this type of data if you grant us access to your location.
Log Data
When you use our Services, our servers automatically record certain information about how a person uses our Services whether through the use of cookies, web beacons, log files, and scripts, including without limitation your IP address, device carrier-related information, configuration information, information about your interaction with our Services and your usage patterns, device information, application settings, and the date, time and/or location that a Measurement was taken.
How does CURE use and disclose my protected health information?
HIPAA and other laws allow or require us to use or disclose your PHI for many different reasons. We can use or disclose your PHI for some reasons without your written agreement. For other reasons, we need you to agree in writing that we can use or disclose your PHI.
Uses and Disclosures for Treatment, Payment, and Health Care Operations: CURE uses and discloses protected health information in a number of different ways in connection with your treatment, the payment for your health care, and our health care operations. The following are only a few examples of the types of uses and disclosures of your protected health information that we are permitted to make without your authorization for these purposes:
Payment: We will use and disclose your protected health information to administer your health benefits policy or contract, which may involve:
How does CURE use and disclose my protected health information acquired through the Facial Scanning feature?
We use the PHI Data you provide or which we collect mainly for the following purposes. We have included below a list of all the ways in which we use your personal data and the lawful bases (where applicable) we rely on to do so.
PROVIDE THE SERVICE
ANALYSE, DEVELOP AND IMPROVE TECHNICAL FUNCTIONALITIES, AND ENSURE THE SECURITY OF OUR SERVICES
OTHER PURPOSES
Safety and Security If necessary, we may use your PHI Data to promote the safety and security of our Services and our users. We may use your Personal Data to monitor operations, authenticate users, detect and protect against fraud and other criminal activity and enforce our Terms and Conditions and other policies. We will rely on our legitimate interests when processing Personal Data in detecting and preventing fraud and illegal conduct or if necessary for complying with a legal obligation to which we are subject.
Manage and Defend Legal Claims If necessary, we may use your PHI Data to manage and defend legal claims (e.g. in connection with a dispute or a court proceeding). We will in such case process the PHI Data collected which is necessary in order to manage and defend the legal claim in question. The processing is based on our legitimate interest of managing and defending legal claims. Your Personal Data is stored for this purpose for such a period as is necessary in order to manage or defend the legal claim. For this purpose, we may also share certain information with other parties; please see below.
Fulfill Legal Obligations Finally, we may use your Personal Data to fulfil legal obligations that we have (e.g. accounting requirements or obligations under data protection laws). We will in such case process the Personal Data collected which is necessary in order to fulfill the legal obligation in question. Your Personal Data is stored for such a period as is necessary in order to fulfill respective legal obligations. For this purpose, we may share your Personal Data with other parties, see below.
We will only use your Personal Data for the reasons we have set above. If we need to use your Personal Data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
Other Permitted or Required Uses and Disclosures of Protected Health Information: In addition to treatment, payment, and health care operations, federal law allows or requires us to use or disclose your protected health information in the following additional situations without your authorization:
Abuse or Neglect: We may make disclosures to government authorities if we believe you have been a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when we are required or authorized by law to do so.
Required by Law: We may use or disclose your protected health information to the extent we are required to do so by state or federal law. For example, the HIPAA law compels us to disclose PHI when required by the Secretary of the Department of Health and Human Services to investigate our compliance efforts.
Health Oversight: We may disclose your protected health information to a government agency authorized to oversee the health care system or government programs, or its contractors (e.g., state insurance department, U.S. Department of Labor) for activities authorized by law, such as audits, examinations, investigations, inspections, and licensure activity.
Public Health Activities: We may disclose your protected health information to an authorized public health authority for purposes of public health activities. The information may be disclosed for such reasons as controlling disease, injury, or disability.
Other Uses and Disclosures (Requires Written Authorization): For all other uses or disclosures not described above, CURE will always obtain your written authorization prior to conducting these activities.
Disclosure of “Highly Confidential” PHI: Certain kinds of PHI are deemed as “highly confidential” due to the sensitivity of the information.
For example: Additional protection might be added for these kinds of PHI as required by state and federal law. MMG will disclose “highly confidential” PHI only when we have obtained prior written authorization from you, unless otherwise required by law.
Will CURE give my PHI to my family or friends? We will only disclose your PHI to a member of your family (including your spouse), a relative, or a close friend in the following circumstances:
Will CURE disclose my personal health information to anyone outside of CURE? CURE may share your protected health information with affiliates such as the laboratory we send your specimen to for testing. CURE may also share your personal health information with an individual, software development partner, or company that is working as a contractor or consultant for MMG. Whenever such an arrangement involves the use or disclosure of your protected health information, we will have a written contract that contains terms designed to protect the privacy of your protected health information.
When does CURE need my written authorization to use or disclose my personal health information? We have described in the preceding paragraphs those uses and disclosures of your information that we may make either as permitted or required by law or otherwise without your written authorization. For other uses and disclosures of your medical information, we must obtain your written authorization. A written authorization request will, among other things, specify the purpose of the requested disclosure, the persons or class of persons to whom the information may be given, and an expiration date for the authorization. If you do provide a written authorization, you generally have the right to revoke it.
What are my rights with respect to my PHI? The following is a brief statement of your rights with respect to your protected health information:
Right to Request Restrictions: You have the right to ask us to place restrictions on the way we use or disclose your protected health information for treatment, payment or health care operations or to others involved in your health care. However, we are not required to agree to these restrictions. If we do agree to a restriction, we may not use or disclose your protected health information in violation of that restriction, unless it is needed for an emergency.
Right to Request Confidential Communications: You have the right to request to receive communications of protected health information from us by alternative means or at alternative locations if you clearly state that the disclosure of all or part of that information could endanger you. We will accommodate reasonable requests. Your request must be in writing.
Right to Access Your Protected Health Information: You have the right to see and get a copy of the protected health information about you that is contained in a “designated record set,” with some specified exceptions. Your “designated record set” includes enrollment, payment, claims adjudication, case or medical management records and any other records that we use to make decisions about you. Requests for access to copies of your records must be in writing and sent to the attention of the CURE Legal Department. Please provide us with the specific information we need to fulfill your request. We reserve the right to charge a reasonable fee for the cost of producing and mailing the copies.
Right to Amend Your Protected Health Information: You have the right to ask us to amend any protected health information about you that is contained in a “designated record set” (see above). All requests for amendment must be in writing and on a CURE Request for Amendment form. Please contact the CURE Legal Department to obtain a copy of the form. You also must provide a reason to support the requested amendment. In certain cases, we may deny your request. For example, we may deny a request if we did not create the information, as is often the case for medical information in our records. All denials will be made in writing. You may respond by filing a written statement of disagreement with us, and we would have the right to rebut that statement. If you believe someone has received the unamended protected health information from us, you should inform us at the time of the request if you want them to be informed of the amendment.
Right to Request a List (accounting) of Certain Disclosures:
You have the right to request an account of the times we have shared your health information. This accounting requirement applies for six years from the date of the disclosure.
Right to a Notice in the event of a Breach:
In the event of a data breach, you have the right to receive notice regarding the incident.
Right to Request a Copy of this Notice:
If you have received this notice electronically, you have the right to obtain a paper copy of this notice upon request.
Who should I contact if I have a question about this notice or a complaint about how CURE is using my personal health information?
To exercise your rights under this Notice or to file a complaint with CURE, please call us at (310) 456-1458 or write to:
Privacy Officer - Compliance Department
Malibu Medical Group
22741 Ste 200 Pacific Coast Highway Malibu, CA 90265
Complaints to the Federal Government: If you believe your privacy rights have been violated, you also have the right to file a complaint with the Secretary of the Department of Health and Human Services at https://www.hhs.gov/ocr/complaints/index.html.
You will not be retaliated against for filing a complaint with us or the federal government.
How does CURE protect my data?
We and our technology partners keep your data safe by adopting the best practices and highest standards in terms of security. All required technical and organizational security measures have been adopted. We take various steps to protect your Personal Data from unauthorized access, use or modification and unlawful destruction and disclosure, for example:
Please be aware that, despite our efforts, we do not warrant or guarantee that unauthorized access will never occur as no method of transmitting or storing information is completely secure.
What are CURE’s Data Retention and Storage policies?
Data Retention
In principle, unless otherwise stated, your Personal Data will only be stored until the purpose of the collection and storage no longer applies. In accordance with your consent, data may also be stored for longer, as long as you do not withdraw your consent. After this period, we may keep your personal data for a further time period to: (a) communicate with you about any questions or complaints you may have after you have stopped being a user of our Services; or (b) to comply with the rules on accounting, reporting or any other law.
Furthermore, data may be stored if this has been provided for by the competent legislator in regulations, laws or other regulations to which we are subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
In the event of termination - for whatever reason - of the agreement between the user and us we shall keep all content, information and (personal) data uploaded by the user available for retrieval by the user for a further 90 days after termination. After expiry of this period, the aforementioned content will be irrevocably deleted or anonymized in accordance with data protection regulations.
To protect your privacy, certain information that we collect which can identify you as an individual is not stored. In particular, we do not store your facial image or video recordings either on the device on which this app is installed or in the cloud. We will retain your Personal Data for as long as is reasonably necessary for the various purposes mentioned above or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of specific types of Personal Data. We will retain your data for as long as your account is active or as needed to provide you Services. We will retain and use your data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; this retention period may extend past the point at which you close your account.
In certain circumstances, we may aggregate your Personal Data (so that it will no longer identify you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If you would like further information on how long we keep your Personal Data, please contact us using the details set out at the end of this Policy.
Storage Location
All Personal Data processed and collected to provide our Services outside of the device in which this app is installed is stored with cloud service providers managed by us or our application development partners.
You can ask us for more information about where we may transfer or store your Personal Data and how we will take steps to ensure your Personal Data is protected by using the contact details at the end of this Policy.
What rights do I have in regards to my PHI data?
Your access to certain rights depends on the country in which you are based and you may have certain rights in relation to the use of your Personal Data. If you wish to exercise your rights, please contact us at: [email protected]
You have the right to:
TO BE INFORMED
You have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data, and your rights. This is what we are doing, providing you with the information in this Privacy Policy.
TO ACCESS YOUR PERSONAL DATA
You have the right to request access to your Personal Data and request a copy of your Personal Data that we store. If you have created a user account, you can view certain information directly from our Services on your user interface or by sending us a specific request.
TO UPDATE YOUR PERSONAL DATA
You have the right to request that Personal Data that is incorrect or incomplete is corrected or completed. If you have created a user account, you can update certain information directly in your account or by sending us a specific request.
TO WITHDRAW CONSENT
If we rely on your consent to the use of your Personal Data you have the right to, at any time, withdraw your consent. The consent withdrawal does not affect the legality of the processing carried out previously on the basis of the consent.
TO DELETE YOUR PERSONAL DATA (RIGHT TO BE FORGOTTEN)
You can at any time request that your user account is deleted. Moreover, under certain circumstances, you have the right to request that your Personal Data shall be deleted. Please note that if you request us to remove your Personal Data, you may not be able to use our Services.
We may, however, still need to keep your Personal Data if we are obligated to keep certain data in order to fulfill legal obligations or to manage or defend legal claims.
TO RESTRICT THE USE OF YOUR PERSONAL DATA
You have, under certain circumstances, the right to request that the use of your Personal Data is restricted. If you have requested restriction of the use of your Personal Data, please note that you cannot use the platform during the time that the use of your Personal Data is restricted.
TO OBJECT TO THE USE OF YOUR PERSONAL DATA
Certain use of your Personal Data is based on our or others’ legitimate interest. You may have the right to object to the use of your Personal Data based on a legitimate interest for reasons which concern your particular situation. In such a situation, we will stop using your Personal Data where the use is based on a legitimate interest, unless we can show that the interest overrides your privacy interest or that the use of your Personal Data is necessary in order to manage or defend legal claims.
TO NOT BE SUBJECT TO A DECISION BASED SOLELY ON AUTOMATED DECISION-MAKING
You may have the right not to be subject to such type of automated decision-making about you, unless: (a) you gave us your explicit consent to use your Personal Data to make our decision; (b) we are allowed by law to make our decision; or (c) our automated decision was necessary to enable us to enter into a contract with you.
TO TRANSFER YOUR PERSONAL DATA (DATA PORTABILITY)
You have the right to obtain a copy of certain information that you have provided to us in a structured machine-readable format which allows you to transfer the data to another recipient.
Responding to Your Requests
Subject to the applicable law, you are entitled to submit the above requests by contacting us at [email protected]
We will respond to all requests that we receive from users in accordance with applicable data protection laws. Subject to applicable laws, we reserve the right to refuse the request if it is manifestly unfounded or manifestly excessive. In these scenarios, we will inform you of the reasons why and your corresponding rights.
Is there anything else I need to know?
UPDATES TO THIS POLICY
We may modify and revise this Policy from time to time. Any information that we collect is subject to the Privacy Policy in effect at the time such information is collected. Any changes we make to our Privacy Policy in the future will be posted on this page, and where appropriate, notified to you by email or notifications via Anura. We therefore encourage you to review it from time to time to stay informed of how we are processing your data.
CONTACT US
If you have questions, suggestions, or concerns about this Policy, or about our use of your Personal Data, please contact us at [email protected]